Updated October 17, 2023
This Privacy Policy explains how PicnicHealth handles your personal information when you access the Site and/or use the Service. Terms not defined in this Privacy Policy are defined in the PicnicHealth Terms of Use, and this Privacy Policy is incorporated into the Terms of Use.
We collect information from you on our Site, in email, text and other electronic messages, and when you interact with advertisements or third party services that link to this Privacy Policy. This Policy does not apply to information collected offline or through any other website. You should not use the Service and you may not accept this Policy if you are not of a legal age to form a binding contract with PicnicHealth. By accessing the PicnicHealth Site you agree to this Policy. If you do not agree to any of the terms in this Privacy Policy, you should not access the Site or use the Service.
Simply put, we do not and will not use your personal information for any reason, other than as described in this Privacy Policy. PicnicHealth uses and discloses your personal information only as follows:
Certain areas and features of PicnicHealth.com are available to you without registration or the need to provide to us any information. However, other features of the Site or the Service may require registration, which involves provision to PicnicHealth of an email address, a password and a username (collectively the “Registration Information”).
We collect personal information about you from you directly when you fill out forms on the Site and certain details automatically when you navigate through our Site. This personal information includes identifying information such as name, address, email address, phone number, or fax number.
From time to time we may request other personal information to provide you with other benefits of the Service. In all such instances, you will be given the opportunity to provide or to decline to provide that information, and it will be used only for the stated purpose. PicnicHealth may make anonymous or aggregate personal information and disclose such data only in a non-personally identifiable manner to:
Access to your Registration Information and any other personal information you provide is strictly restricted and used in accordance with specific internal procedures and safeguards governing access, in order to operate, develop or improve the Service. These individuals have been selected in accordance with our security policies and practices and are bound by confidentiality obligations. They may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.
We may share your data with third-party vendors, service providers, contractors, or agents ("third parties") who perform services for us or on our behalf and require access to such information to do that work. We have contracts in place with our third parties, which are designed to help safeguard your personal information.
We may also share your information:
When you make a payment on our Site, you may be taken to the website of one of our third-party service providers. Please see our Terms of Use to learn more.
If your Registration Information changes during your subscription to PicnicHealth, we encourage to promptly update it via the Service.
When you visit PicnicHealth.com, we may collect technical and navigational information, such as computer browser type, Internet protocol address, pages visited, and average time spent on our Site. When you access the Service by or through a mobile device, we may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile device’s unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data. This information may contain personal data and may be used, for example, to alert you to software compatibility issues, or it may be analyzed to improve our Web design and functionality.
“Cookies” are alphanumeric identifiers in the form of text files that are inserted and stored by your Web browser on your computer’s hard drive. PicnicHealth.com may set and access cookies on your computer to track and store preferential information about you. PicnicHealth.com may gather information about you through cookie technology. Please note that most Internet browsers will allow you to stop cookies from being stored on your computer and to delete cookies stored on your computer. If you choose to eliminate cookies, the full functionality of the Service may be impaired for you.
We encode our cookies so that only we can interpret the information stored in them.
Web beacons are images embedded in a Web page or email for the purpose of measuring and analyzing site usage and activity. PicnicHealth.com, or third party service providers acting on our behalf, may use Web beacons to help us analyze Site usage and improve the Service.
We may use third party service providers to help us analyze certain online activities. For example, these service providers may help us measure the performance of our online campaigns or analyze visitor activity on PicnicHealth.com. We may permit these service providers to use cookies and other technologies to perform these services for PicnicHealth.com. For further information, please visit our cookie policy.
Our analytics providers include:
We also may use automated data collection technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking). Some web browsers permit you to broadcast a signal to websites and online services indicating a preference that they “do not track” your online activities. At this time, we do not honor such signals, and we do not modify what information we collect or how we use that information based upon whether such a signal is broadcast or received by us.
When you visit PicnicHealth.com, we may collect technical and navigational information, such as computer browser type, Internet protocol address, pages visited, and average time spent on our Site. When you access the Service by or through a mobile device, we may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile device’s unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data. This information may contain personal data and may be used, for example, to alert you to software compatibility issues, or it may be analyzed to improve our Web design and functionality.
“Cookies” are alphanumeric identifiers in the form of text files that are inserted and stored by your Web browser on your computer’s hard drive. PicnicHealth.com may set and access cookies on your computer to track and store preferential information about you. PicnicHealth.com may gather information about you through cookie technology. Please note that most Internet browsers will allow you to stop cookies from being stored on your computer and to delete cookies stored on your computer. If you choose to eliminate cookies, the full functionality of the Service may be impaired for you.
We encode our cookies so that only we can interpret the information stored in them.
Web beacons are images embedded in a Web page or email for the purpose of measuring and analyzing site usage and activity. PicnicHealth.com, or third party service providers acting on our behalf, may use Web beacons to help us analyze Site usage and improve the Service.
We may use third party service providers to help us analyze certain online activities. For example, these service providers may help us measure the performance of our online campaigns or analyze visitor activity on PicnicHealth.com. We may permit these service providers to use cookies and other technologies to perform these services for PicnicHealth.com.
Our analytics providers include:
We also may use automated data collection technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking). Some web browsers permit you to broadcast a signal to websites and online services indicating a preference that they “do not track” your online activities. At this time, we do not honor such signals, and we do not modify what information we collect or how we use that information based upon whether such a signal is broadcast or received by us.
Our Site may contain links or references to other websites outside of our control. Please be aware that this Privacy Policy does not apply to third-party websites. PicnicHealth does not control and is not responsible for what third parties do with your personal information. Please exercise caution and consult the privacy policies posted on each third-party website for further information.
If you comment on the blog on our Site, you should be aware that any information you submit there can be read, collected or used by other users and could be used to send you unsolicited messages. We are not responsible for the personal information you choose to submit through this forum.
We will retain your personal information only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your personal information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our legal agreements and policies.
Your data is yours. You can request to remove it anytime you want. Unless we are required to maintain your data for legal purposes, When you request us to delete your account for the Service, your personal information will be permanently expunged from our primary production servers and further access to your account will not be possible. You can contact us at [email protected] if you would like to delete your personal information.
From time to time we may provide our registered customers with email alerts or email newsletters. You have the ability to opt-out of receiving our promotional emails and to terminate a newsletter subscriptions by following the instructions in the emails to unsubscribe. Opting out in this manner will not end transmission of service-related emails, such as email alerts concerning your records or use of the Service.
We protect your personal data through a combination of controls and best practices, however no data protection procedures are ever completely secure. Your transmission of your personal information to us is done entirely at your own risk.
We use a combination of firewall barriers, encryption techniques and authentication procedures, among others, to maintain the security of your online session and to protect PicnicHealth accounts and systems from unauthorized access.
When you register for the Service, PicnicHealth.com requires a password from you for your privacy and security. You should maintain the confidentiality of your password. PicnicHealth transmits information such as your Registration Information for PicnicHealth.com or other portal credentials securely.
Our servers are maintained in a facility that is protected by industry best practices and commercially reasonable security precautions.
Our databases are protected from general employee access both physically and logically. We encrypt your Service password so that your password cannot be recovered, even by us. All backup drives and tapes also are encrypted. We enforce physical access controls to our buildings.
No employee may put any sensitive content on any insecure machine (i.e., nothing can be taken from the database and put on an insecure laptop).
Anytime you submit your Login ID and Password, these communications between your computer and PicnicHealth.com are encrypted. This enables client and server applications to communicate in a way that is designed to prevent eavesdropping, tampering and message forgery.
Our Site and Services are not intended for use by children under the age of 18 without parental consent. If you are under the age of 18, your parent or legal guardian must create your account, submit your personal information, and agree to this Privacy Policy on your behalf.
Your parent or guardian may review your personal information, direct us to delete it, and refuse to allow further collection or use of your personal information. Please note that deleting or refusing to allow collection of your personal information will prevent us from providing the Services.
If we learn that we have collected personal information from a minor under the age of 18 without verification of consent from a parent or guardian, we will delete that information. If you believe that we have impermissibly collected personal information from or about a minor under the age of 18, or if your parent or legal guardian wishes to review your personal information, please contact us at [email protected].
Residents of the State of California have the right to request from certain businesses with whom the California resident has an established business relationship a list of all third parties to which the business, during the immediately preceding calendar year, has disclosed certain personally identifiable information for direct marketing purposes. We are only required to respond to a customer request once during any calendar year. To obtain this information, you should send a written request to [email protected] with the subject heading “California Privacy Rights.” In your request, please attest to the fact that you are a California resident and provide a current California address for our response. Please be aware that not all information sharing is covered by the California Privacy Rights requirements and only information on covered sharing will be included in our response.
We update this Privacy Policy periodically. The revision date appears at the top of the Policy. Changes take effect immediately upon posting. Your continued use of the Site and the Services will be deemed to be your agreement that your personal information may be used in accordance with any changes. If you do not agree with the changes, then you should stop using the Site and the Services and notify us that you do not want your personal information used in accordance with the changes.
In addition to the disclosures made elsewhere in the Privacy Policy regarding our privacy practices, in some regions, such as the EEA, Switzerland or the UK, you have certain rights under applicable data protection laws. Our legal basis for collecting data in these regions can vary dependent on the nature of the information and the purpose for which we collect. This applies to the ‘personal data’, as defined under applicable data protection laws, of natural persons located in the EEA, Switzerland and the UK. Any terms not defined herein have the meaning ascribed to them elsewhere in the Privacy Policy or, if not defined the Privacy Policy, in applicable data protection laws.
The General Data Protection Regulation (GDPR) requires us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information: We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time. We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person. In addition, we may process your personal information for the purpose of the legitimate interests pursued by us, or by a third party, per the provisions of the applicable data protection law ensuring your interests and fundamental rights are always protected.
Our servers are located in the United States. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed by us in our facilities and by those third parties with whom we may share your personal information in the United States or other countries. If you are a resident in the EEA, Switzerland or the UK, then these countries may not necessarily have data protection laws or other similar laws as comprehensive as those in your country. However, we will take all necessary measures to protect your personal information in accordance with this privacy notice and applicable law. Any transfer of your personal data outside of your home region is pursuant to applicable data protection laws. We have implemented measures to protect your personal information, including by using the European Commission's Standard Contractual Clauses for transfers of personal information between us and our third-party providers. These clauses require all recipients to protect all personal information that they process originating from the EEA, Switzerland and the UK in accordance with European data protection laws and regulations.
You have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; and (iv) if applicable, to data portability. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by contacting us by using the contact details provided below. We will consider and act upon any request in accordance with applicable data protection laws.
If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to the Member State data protection authority or UK data protection authority. If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.
In the case of processing of special categories of personal information, per the definition in applicable data protection law, your consent is our lawful basis for processing. If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us by using the contact details provided below. However, please note that this will not affect the lawfulness of the processing before its withdrawal nor will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
If you are located in the EEA, Switzerland or UK, the "data controller" of your personal information is PicnicHealth. To contact PicnicHealth’s DPO, please contact [email protected]. PicnicHealth has appointed GDPR Local Ltd to be its representative in the UK. Contact details are GDPR Local Ltd, Adam Brogden, [email protected], +441 772 217 800, 1st Floor Front Suite 27-29 North Street, Brighton England BN11EB. In the EU, PicnicHealth has appointed Instant EU GDPR Representative Ltd to be its representative. Contact details are Instant EU GDPR Representative Ltd, Adam Brogden, [email protected], +353 15 549 700, Office 2, 12A Lower Main Street, Lucan Co, Dublin, K78 X5P8, Ireland.
This section provides supplementary information for individuals located in Australia who engage with PicnicHealth or our Services. This section is to be read in conjunction with the remainder of our Privacy Policy. PicnicHealth adheres to the principles of the Privacy Act 1988 and other applicable Australian data protection laws. Any terms not defined herein have the meaning ascribed to them elsewhere in the Privacy Policy or, if not defined the Privacy Policy, in applicable data protection laws. If you interact with us, or our Services, your personal data will be stored in accordance with applicable data regulation, we implement and maintain the highest levels of data security measures to protect your personal data. PicnicHealth may store your personal data outside of Australia, in the United States, for processing. We will take all necessary measures to protect your personal information in accordance with this privacy notice and applicable law. Any transfer of your personal data outside of your home region is pursuant to applicable data protection laws. You have the right not to submit personal information to us (other than data required by law) however this will reduce your ability to participate in all aspects of PicnicHealth, and its Services. If you have any questions or concerns about our privacy policy or our compliance with Australian data regulations, please contact our DPO at [email protected]. You also have the right to complain to the Office of the Australian Information Commissioner if you have any concerns with how we manage your personal data.
This section provides supplementary information for individuals located in Canada who engage with PicnicHealth or our Services. This section is to be read in conjunction with the remainder of our Privacy Policy. We adhere to the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) and other applicable Canadian data protection laws. Any terms not defined herein have the meaning ascribed to them elsewhere in the Privacy Policy or, if not defined the Privacy Policy, in applicable data protection laws. We may process your personal information if you have given us specific permission (i.e. express consent or implied consent) to use your personal information for engagement, or Services, by PicnicHealth. You can withdraw your consent at any time. In exceptional circumstances, we may be legally permitted under applicable law to process your personal information without your consent, including, for example, but not limited to, if disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records and for investigations and fraud detection and prevention. If you have any questions or concerns about our privacy policy or our compliance with Canadian data regulations, please contact our DPO at [email protected].
PicnicHealth, and its Services, are intended for use in the US, UK, EEA, Switzerland, Australia and Canada only. We do not knowingly collect personal information about individuals residing outside the above territories. If you believe that we have collected or processed personal information about any individuals residing outside the US, UK, EEA, Switzerland, Australia or Canada, please contact us immediately at [email protected] with the subject heading ‘Region’. If you visit our Site or contact us from outside the above territories, please note that your personal information shared, or that we automatically collect, may be transferred to the US. Should you use our Site or submit information through our Site, you are authorizing explicitly the transfer and processing of any personal data in accordance with US law.
If you have questions, comments, concerns or feedback regarding this Privacy Policy or any other privacy or security concern, contact us at:
850 Folsom St
San Francisco, CA 94107
Telephone: (415)-801-0572
Email: [email protected]
